package cn.java81.jdbc;

import cn.java81.util.DbUtil;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Scanner;

/**
 * @author oldliu
 * @since 1.0
 */
/**
 * Negative example: shows what happens when JDBC {@code ?} placeholders are
 * used where column names should be. {@code ?} can only bind values, never
 * identifiers (column/table names), so binding the strings "sname", "qq" and
 * "sex" selects those three string literals for every row rather than the
 * columns of that name. Despite the original comment, this is NOT an SQL
 * injection hole — the bound values are sent as data, not as SQL — it is
 * simply a query that returns the wrong result.
 *
 * Security note for anyone "fixing" this: the tempting fix is to build the
 * select list by string concatenation. Only do that with column names taken
 * from a hard-coded allowlist (or a fixed literal), never from user input;
 * a concatenated, user-controlled identifier is where injection actually
 * starts.
 *
 * @author oldliu
 * @since 1.0
 */
public class SelectStudent {
    public static void main(String[] args) {

        // Placeholder approach: WRONG. These three ? are in the select list, so
        // they bind values; each row will yield the constants sname/qq/sex.
        String sql="select ?,?,? from s_student limit 0,10";

        Connection connection = DbUtil.getConnection();
        PreparedStatement st=null;
        ResultSet rs=null;
        try {
            st=connection.prepareStatement(sql);
            // Original comment called this an "SQL injection vulnerability".
            // It is not: the driver binds these as parameters, so no SQL is
            // built from them. The defect is semantic (wrong result), not a
            // security one. Prints only the template — ? are not yet bound.
            System.out.println(sql);
            st.setString(1,"sname");
            st.setString(2,"qq");
            st.setString(3,"sex");
            rs=st.executeQuery();
            while (rs.next()){
                // Only the first select-list item is printed, i.e. the literal
                // "sname" on every row — the clearest sign the query is wrong.
                System.out.println(rs.getString(1));
            }
        } catch (SQLException e) {
            // Demo-only handling; a real caller should log/propagate instead.
            e.printStackTrace();
        }finally {
            // NOTE(review): assumes DbUtil.close tolerates null rs/st — confirm.
            DbUtil.close(rs,st,connection);
        }

    }
}
